Posted
by
Cliff
on Wednesday October 18, 2006 @12:26PM
from the big-brother-in-the-office dept.

kooky45 asks: "My team has recently installed content filters for my company which restrict the web sites that employees can visit. It also logs the sites they do visit; not whole URLs, just the site domain names. This has been useful for a couple of disciplinary investigations of employees suspected of wrongdoing. However, word has got round to some managers that this capability exists. They are starting to ask my team to provide lists of sites that their team members have accessed over the past few weeks, claiming they are suspicious of time wasting on the Internet and need proof. We're pushing back because of privacy concerns but the pressure is building on us. We have no experience in this area, and I'd like to ask Slashdot how other companies handle this, what the important considerations are, and where it could all go wrong?"

Our employee AUP specifically states that the company
equipment belongs to the company, and there should be no expectation of privacy.
It also states we perform monitoring of Internet and email activity. All
employees are required to agree to the policy before they are granted access.
Supervisors occasionally do request reports from our logs when they're trying to
determine how productive their employees are. This is one of the reasons
we have the logging in place.

Ditto. However, we do perfer that the request is sent by a "director" level manager before we send out the report, so that more the one person knows about the existance of a particular report concerning a particular employee. We don't jump for anyone who has some type of supervisory title / job function.

We do exactly the same thing and it works very well. Very few of these people take it any further once they realise they need approval from a director.

My line with most monitoring and lockdown requests is that it's a management issue, using the IT Department to control your staff builds resentment towards IT and often punishes other members of staff when all it would take to solve is a quiet word with the individual concerned.

Ok, How do you seperate the real "user wanted to go there" site access from spyware popup access, mispelled domain names or even (Spam?) email that links to images from other sites? We have all seen those porn popups when simple mispelling of domain names happen. Also, I'm writing this on a customers computer, in thier law office, at 12:30 in the morning. I finished up work and decided to check some stuff. Would your system account for this? What I decided to check on was a drive's status for an RMA. I also

The requests come from Director-level management, and usually after they already know they're not being productive. It's usually to determine whether or not to limit or terminate someone's Internet access. Although there also have been occasions where someone has complained about walking into an office and seeing porn on the screen - potential sexual harrassment fuel.

At our shop, requests for such information come from the HR director or the General Manager and only those people. And such information is provided to them and them alone. Such rules make our lives easier. HR and/or the GM workout what to do with the department head -- solutions which may involve IT or not.

Such requests are rare now. They are usually handled by the supervisor alone now without need of escalation.

I'd mod the parent up if I had moderator points. This is so true. It's not the fact that employees surf the Web at work, but that some employees abuse it. Providing an environment that promotes good will between employee and employer goes a long way to improve everyone's satisfaction and productivity. It's just when it is abused that it becomes problematic. And again, that's when HR should be involved....

Like all employment, everything is negotiable. For example, employers have the right to be as draconian as they wish. Some don't allow internet access at all, for example. Some do with heavy filtering, and dismissal for the slightest infraction, for ANYONE. Employees on the other hand, are not without rights themselves, chief amonst them, the right to walk away. If an employer seems unreasonable, then work for someone else. If you don't have the skills to do that, put up with it until you do. People who won

I was reading an article a while back about how more and more employees are coming to either expect, or desire as a perk, unfettered internet access.

I wonder if anyone has done a study or survey of how much employees value their internet access, and what kind of pay cut they'd be willing to take for it, or what kind of pay bump they would require to move to a company that didn't offer it.

Right now it might seem like a minor issue -- in many tech fields, there are enough candidates that employers can dictate terms to their employees, and employees are sufficiently discouraged by the thought of finding a new job, that they won't tell them to suck eggs and walk away. However, in a tighter market this might not be the case. I could easily see a situation where a company might decide that it's cheaper to offer unfettered internet access (and swallow the cost of the productivity hit) rather than pay extra in order to recruit and retain people who are willing to work under more limited conditions.

I've thought about what it's worth to me, and I think I would probably accept working in a secure area (where there's no public net access) for about a 5% pay increase; any less than that, and I'd probably say no. If they just started blocking web traffic tomorrow in my current position, I probably wouldn't quit immediately, but it would certainly factor into my list of things that I don't particularly like. At some point when that list got long enough, I'd find another job.

Everything's a trade-off, both from the employer's perspective and the employee's.

Exactly. And, some people with skills won't work at a company that has a reputation for being less than willing to allow unfettered access. Those companies lose out on some of the best people as a result. It's a market, just like any other, really.

Firstly, I think there should be an expressed expectation of privacy, or level thereof. I expect that my employer wouldn't put a camera in the bathrooms. I think what keeps some from doing so is the letter of the law and the blanket coverage of all employees, including those responsible for the cameras. But I'm not going to bother to find and quote any decisions. My employer has a stated computer useage requirements. It is intentionally vague, but not beyond most people's comprehension. For instance, it doesn't identify the web filtering in place, but specifically prohibits circumventive behavior. I'm not happy about this as I don't agree with the filtering of sites like the wikipedia as personal pages. But I hardly find it reason enough to find other work.

But the expectation of entitlement to anything not compensated for is rediculous. The idea that only the educated have bargaining power is rather ignorant. Your assertion that companies will lose out on the best employees seems to imply that because it decided to settle for less than the best that it will fail. My employer is a prime example of the contrary. This may be true when applied to entities of different sizes, say an accounting office with ten people might have greater friction and turnover over something as simple as web filtering. But even it would not instantly go out of business due to restictive uses.

The only variable that ultimately affects any business is money. People will put up with a lot of unnecessary shit for the right price. That is the double edge sword of getting what you pay for. Pay peanuts, expect elephants.

The only variable that ultimately affects any business is money. People will put up with a lot of unnecessary shit for the right price.

I won't speak for the GP, but this was my original point -- people will put up with anything if you pay them enough. I'm sure somewhere, you could find people who would be willing to let you beat them with a rubber hose on a daily basis; they'd just be very expensive. (If they had any other skills besides 'will allow self to be beaten regularly.')

I'm sure somewhere, you could find people who would be willing to let you beat them with a rubber hose on a daily basis; they'd just be very expensive. (If they had any other skills besides 'will allow self to be beaten regularly.')
Hey, some of us would do that for free.:)

I think you might have it wrong. And i say this from a larger perspective called professionalism. By the time your employing people who will have internet access and actually care enough about it verses pay, You expect a level of professionist that just negates the point of restricting it.If you have kids renting movies or pumping gas all day, then they aren't going to quit because you changed the password to you AOL dial up account. They don't get paid enough to care about internet access. So in the end, I

Some employees can make pretty childish decisions at times but in the whole be fairly productive. Providing a warning screen about logging and restrictions every time they connect to the internet can solve most problems.

Unfettered internet access makes no sence in an employment situation. Once mobile connections get cheap enough, all the employees will end up playing with their own personal pdas, privately, all day long instead;).

I ussed to work in retail, our store was horribly slow and our POSs had internet access (with not to much restriction), so we all sat around and played flash games, tooled about on MySpace, or read webcomics (that was me). Every so often our manager would yell at us for doing it, and we would ignore him.

However I made the amusing (and disturbing) discovery that our boss was surfing porn in the back room (was poking through the history for something I had looked up the day before). It was fill

If your company pays for the internet access and for the machines the employees are using to access the internet, it would be foolish to feel they have any right to privacy. I don't like the idea of higher ups being able to see what I've been doing online, but I understand that since I'm using the company's internet connection and their computer (and their electricity, and the time I'm being paid to work) they can snoop in at any time.
God save us all if they discover how much time people spend on/.

I continue to hope that good managers would understand people getting sidetracked during the day. Browsing/. and random news stories is my way of letting my brain process on something so it gets internalized, and I can then go tackle the problem head on. I don't work well just beating my head against something, I have to poke at it for a while and then go read or play a flash game for 10 minutes and let it sink in. Subconcious processing, transfer to long-term memory, whatever it is, it's how I work. I'm plenty productive despite hitting/. about 5 times a day.

That may be how your brain works -- and you may have found a career and employer that allows it, but I think that's the exception rather than the rule.I'm fairly certain I could find someone who can be as productive as you when you are working -- the entire day (sans scheduled breaks) with your skill set who doesn't find it necessary to spend 10 mins playing a flash game to let something "sink in". Unless your flash playing/sink-in time and 5 some odd/. reads a day are during regular breaks...

Well since basically every employee does that, an employer that does not expect and understand it is far past delusional.and who wants to work for someone that is that out of touch with reality. Employees slack off at work, if someone does not understand that concept, well they are flat out idiots and i am willing to bet, have extremely high turn over rates.

Those no down time employees, usually burn out and come back with an AR15...

They certainly dont do so regularly if they wish to remain employees. What we have here, I think, is a difference in opinion of what amount of slack is acceptable.

well they are flat out idiots and i am willing to bet, have extremely high turn over rates.

My department staff (about 8) range from 8 years to as recent as 6 months ago. Most have been with us for over 4 years. For a department that picked up most of it's staff 4 years ago, I think we're doing well. BTW, the 6 mo

Then again, I'm pretty good at hiring. We don't really have a "slack" problem in my department.

Uh huh. Keep telling yourself that. My guess is your employees are just better at "looking busy" all the time. Or maybe they all overwork themselves and wind up making dumb mistakes they wouldn't have if they "slacked". What a pissant little boss you must be. I feel sorry for your employees.

While many don't like to think so, employment is a two way relationship. If the employer wishes to keep me doing work they have to allow a small amount of slack time. I actually have 3 jobs lined up right now and get calls daily with more possible offers. I've found that the market in my area is so good it is really my decision on where I work not the employers.Sure they always like to say I'm paying you to do something.when actuallyI'm doing something to get paid. It is my choice not theirs.

As an employee of a big retail company, I tend to give to the employer as my bosses give to me. I've worked several different shifts with different management. If they yell at me for being back at 16 minutes when my break is 15 minutes, I punch out at 3:30 and leave when my shift is over rather than making sure things are finished up. On the other hand, if they let me start my 15 when I get to the break area and sit down(about a 5 min walk from the stockroom to there) and let me not leave until my break

It's just been my experience that there are plenty of people out there who DON'T require thinking "down time", who are exceptionally productive and more often than not, less troublesome employees. What you are describing sounds to me to be stress coping rather than thought processing -- which, as management -- suggests to me you have poor stress coping skills or are more prone work poorly under work-related pressure.

And it's been my experience that the type of control-freak management style that you seem to

And it's been my experience that the type of control-freak management style that you seem to exhibit only lowers peoples productivity. You think all people are easily replaceable so you don't value them. You think every problem is one of employees and it can be fixed with just a few firings

Wow. You have an amazing ability to put words in the mouths of others -- words they never said! Good job!

Seriously, your criticism is weak and suggests you have no management skills or experience. Particularly obvio

I'm fairly certain I could find someone who can be as productive as you when you are working -- the entire day (sans scheduled breaks) with your skill set who doesn't find it necessary to spend 10 mins playing a flash game to let something "sink in". Unless your flash playing/sink-in time and 5 some odd/. reads a day are during regular breaks...

The fact that you think people in highly creative disciplines like programming should only take "scheduled breaks" speaks loads about your management style.

The fact that you think people in highly creative disciplines like programming should only take "scheduled breaks" speaks loads about your management style.

First, you are misreading my post. Second, I'm sure you are unfamiliar with California Labor Law which, as I've stated in this thread, is fairly strict about work breaks and there is not much wiggle-room. If your gripe is with "scheduled breaks", complain to Sacramento about their rules, not to me about my management style.

No. Because your attempt to narrow the field down to programmers -- who are typically either exempt, 1099, or sub-contracted out -- as some crazy example about how wrong I am. Either you were deliberately narrowing the profession down to something silly (thus being intellectually dishonest) in a piss-poor attempt at a reductio ad absurdum while committing a strawman, *OR* you dont know anything you are talking about. I figured you were mo

Seriously, though... unless you're talking about managing people in some menial non-creative job, you're not going to get results that way. You can't demand creativity on the spot. Sometimes people have to sit and mull stuff over. And by the way, the fact that you use the phrasing, "when you need a little breaky-wakey from your oh so stressful day" shows that you have no idea how to work with people who actually do creative work. My original post was nothing about t

First off, stop posting AC and I'll take you a whole lot more seriously. Secondly, flash games were just an example of giving my brain downtime to process on stuff. You're focusing on it as if I said that's the only thing I use. Third, why does it matter whether the employee can correctly estimate the time they spend on these things, if they get their work done in the end? As long as they're turning in what you need on time, it's really none of your business how they get there. Finally, you say it's your jo

but basically, this monitoring business is just a replacement for common sense, ie at the end of the day, did the employee get his shit done...that is all that matters. but instead you get managers who think they will suddenly be in touch with employees by monitoring their internet usage, instead of just paying attention to the quality of the work.

It's not foolish at all to expect a right to reasonable privacy at work. On the contrary, it's common sense.

Morally, any reasonable employer must accept that they are employing human beings and not machines, that human beings have certain expectations about privacy, and that our culture today makes it all but certain that occasional personal use of phones, web sites and the like will be necessary during working hours.

Legally, I know the US sucks here, but in the UK for example, the Office of the Informa

My company reports the estimated time spent online and # of sites to managers that request the information, but does not report the sites themselves. The company owners are the only ones outside of IT that can view the names of sites visited... and then only a list of blocked sites by user.

You could get a rough number by watching the page requests. If someone requests a page every couple of minutes, then it's easy to figure they're "online" from the time of the first request to the last. Draw a line whenever there's a N minute gap between requests. That's my first thought, though, I'm curious as to how other people would approach the problem.

However, word has got round to some managers that this capability exists. They are starting to ask my team to provide lists of sites that their team members have accessed over the past few weeks, claiming they are suspicious of time wasting on the Internet and need proof.

It takes real time to develop a culture in a workplace. If your culture is such that managers are looking for evidence of "slacking" to try to motivate them or replace them, then you are probably looking at a lost cause. The only thing I can recommend is a well written letter to someone high up in the company about the dangers of an adversarial workplace culture and the resulting brain drain and poor quality.

We're pushing back because of privacy concerns but the pressure is building on us. We have no experience in this area, and I'd like to ask Slashdot how other companies handle this, what the important considerations are, and where it could all go wrong?"

Any manager that needs to look at logs like this for their employees is incompetent and dragging your company down. A good manager provides positive incentives for employees and creates loyalty both to himself and to the company by treating employees like people. The only reason to consider removing an employee is if they are not getting their job done. If this is the case, then they should be able to tell him why. If he does not trust them, he should find someone else regardless of what a log says.

Treating your employees as mercenaries will make them act that way. Why should they give 2 weeks notice if they're leaving? Why shouldn't they steal office supplies if they can get away with it. Why shouldn't they make a copy of your customer database or defect to the competition? If money is all you are offering, then you can always be outbid.

One thing you might want to consider and which might be able to pull you company out of its cultural death spin is moving drastically from secret monitoring to complete openness. Make an announcement to the whole company that internet monitoring is being applied and then open the system up to everyone. Managers will be able to see what sites their employees visit, but employees will be able to see what sites their bosses visit and when and for how long. We have such a system here, and every now and again we'll announce in a meeting the person who wasted the most time on Slashdot that month.

With such a move to openness i does not seem so much like an us versus them arrangement, but rather an even playing field for all. It works for us, but then we also have a very progressive culture of treating employees well and avoiding micro management. People take on responsibilities and the only problem is if they don't live up to them. No one cares if I post on Slashdot in the middle of the day, so long as I get my work done and it is of sufficient quality. It may be too late where you work, however. You might want to seriously consider looking for an employer that is smarter.

All good except for this tidbit:> We have such a system here, and every now and again we'll announce in a meeting the person who wasted the most time on Slashdot that month.

I don't consider Slashdot a waste of time. It is three things: A source of information, a source of encouragement (see what other people in the same situation go through, and how they cope/resolve), and a way to feel part of a community of like-minded people.

All three of these benefits are generally lacking for geeks in the Fortune 50

I was partly being facetious. Slashdot is not entirely a waste of time and does keep employees informed about current events in the tech field. It has, in fact, provided useful information that lead to further research and press announcements from our company. It is not, however, the primary duty of most employees so we can laughingly point out who spent the most time reading Slashdot instead of coding.

How do you tell the difference between reading slashdot and having slashdot open in a window while you are working on something else. time() spent on the webbrowser process?

Actually, we measure the number of transactions between Slashdot and the host. So if you automatically reload Slashdot all the time, you'd win. We do differentiate RSS though and discount it. Note, we did not waste any time setting this up, we happen to develop a tool for sale that has this as a small chunk of the functionality and it

Depends, doesn't it? What if you're a cashier in a quickie-mart? A guy who shovels boxes into trucks at Fedex? An airline pilot, flying the plane?

Extreme examples (intended), but... clearly there are cases where the intar-tube has absolutely zero relevence, to the point of (possibly) being detrimental. Personal time during a break? That's a different story - and is more appropriate to the "coke machine" and "cable TV" examples. Off break & on duty? Not so

Very nice reply.A good manager provides positive incentives for employees and creates loyalty both to himself and to the company by treating employees like people.

I would also add to this that it is essential for a good manager to garner the respect of his employees and fosters respect among his employees.

I work for a huge, oppressive, impersonal, giant international corporation. Despite the Dilbert-esque corporate policies, I love working here. Why? I have huge amounts of professional respect for my dir

...is a lack of results/deliverables in the expected time frame. Either your employees are producing at an acceptable level or they aren't. I don't understand why many managers feel they need to waste time with the cat and mouse games. Perhaps the real question this guy should be asking is "Why do the middle managers at my company have time available to look into this; Perhaps we should have fewer middle managers."

Being a tech support monkey at both a university and a private business I have been told by the lawyers at both places there is little or no expectation of privacy using a businesses equipment. They pay for it and pay you to use it for their benefit, not yours. Universities are often trickier with the whole academic freedom bit and the often continuous political games. We have had the best results with the policy described by a previous poster. Accept requests for those records from only one or two people of authority. The head of HR for instance, it takes the load off the IT department and helps limit the number of requests. People will hassle It to try to get that information for all kinds of petty reasons, but HR controls reviews and paychecks, it often makes people think twice before asking for things.

Thank God my bosses believe me when I describe Slashdot as a tech reference site and I am in charge of any network monitoring we might do.:)

As a manager of engineering teams, I do not look to closely at what the staff does; As long as the product works, and it is delivered in a timely manner. The company owns the equipment, so there is a need to respect its ownership. I tell the team leaders that it is not a good thing to be caught accessing the design ideas from a porn site, at work. And I do know that the porn industry is light years ahead of all of us when it comes to copyrights, revenues, downloads, and traffic monitoring. My advice for companies that have managers that need to spy on employees is to ask that manager for immediate status report on all outstanding projects. Then start increasing that managers work load. If a person has time to spy, then that person has time to work; For the good of the company. And if there is no work for that person, then maybe the Finance Department should be brought into the loop at that time.

Well put.If your employees/team are being productive, and your project is successful and you're meeting deadlines, I question why a manager really ought to care whether people are reading Slashdot or Google News or playing the occasional Flash game.

If work's getting done, don't micromanage -- let your people do their work; the damage you'll do by creating an adversarial work culture probably greatly outweighs the very small gain in efficiency you'll get by prohibiting web browsing (and for some people, proh

The problem being that if one person is sitting on their ass while everyone else is picking up the slack it turns into a targeted attack if you just start monitoring that one person.I am fine with that but of course lawyers seem to be able to play all kinds of games with that if the person is a minority or a female etc...

From the hard working employee looking up it looks like a stupid and ridiculous decision. From the manager looking down it looks like a stupid and ridiculous process to avoid other stupide

Absolutely right, in my opinion.
I have a short attention span. Hey, I've grown up over the last two decades (mostly the late half of the prior, to be exact), who in my age hasn't? Anyways: Focussing on something is an aweful lot harder for me, if I do not get my breaks from time to time. I'd say I am generally faster at doing my work in private as in corporate matters, but I simply cannot work for more than about 30 minutes. After that, I'll need five minutes of my own. From a strictly mathematical perspe

I think there is enough technical advice/insight on/. (if you've got a good BS filter) that it could be considered at least a grey area for a lot of folks in technical jobs. Many of the "Ask Slashdot" discussions provide the insight of experienced people.

Consider this discussion. If you were newly in a position like this, getting a feel for how other people have handled the situation would be useful.

Back on topic, I have always tried to resist efforts of mid-managers to rifle through the logs. It's ti

I'll say it again though.. These requests should only come from HR/Personell whatever you call them.

At a previous job I had the task of the web filter logs, as well as access to all emails and user's files. Sure, I looked at them sometimes, but only if I needed to. And yes, at times lower lever managers - supervisors - would ask for information about their direct reports.

Even though no direct policy like this existed, I told them I will only give that information to HR. One time the CEO asked for something, and I would not even give it to him. I defered him to my boss, who, probably gave it to him, but I made it very clear:

"I've been given trust by the company to access this information. What if someone went to a website that divulged information about a medical condition that they were keeping secret? Granted, they would be wrong for doing it on company time, but I am NOT going to be the one to give up that information"

I think I also gained a little respect by saying that and instituting my policy. Of course, YMMV

Only an incompetent manager cares whether or not their employees are goofing off, cruising the internet. A competent manager measures employee performance by measuring the employee's performance. In other words, give them work to do, and measure how well and how timely it is done.If you give all your people the same amount of work to do, and one of them doesn't do it as well or as quickly as the rest, it doesn't matter why. He's a substandard employee, and needs to improve or leave.

We were told at one company that I worked at that the supervisors had the ability to spy on our desktops to see what we're doing. A new supervisor rushed over to my cube to tell me that looking at Amazon was against company policy and he caught me red handed (it was still on the screen after being there for only a minute). I pointed out that 1) I was on my break with a breakfast burrito in hand, 2) the entire company knows I get stuff delivered from Amazon, and 3) my last supervisor gave me an Amazon gift certificate at the completion of my last project. He went off mad when I told him to bugger off. This is the same management team that couldn't find the computer that had 300+ virus/trojan horses/spyware that kept bringing down the network every three days for the past month.

Besides, I did all my non-work web browsing on my PDA using the wireless link from the company next door. Do you know how hard it was to type a Slashdot comment on a tiny virtual keyboard?:P

Besides, I did all my non-work web browsing on my PDA using the wireless link from the company next door. Do you know how hard it was to type a Slashdot comment on a tiny virtual keyboard?

I think it depends on your model. Mine has a feature where it automatically generates a comment disagreeing with a specified comment. It works great for Slashdot, as the PDA's intelligence, however artificial, is on par with the average user here. I accidentally used the feature on one of my own comments once, and peopl

I been in a similar situation when the QA bug database was being hosted on an old Windows 98 system that was being kept in my cube. It started developing the click of death in the hard drive. I pointed out to management that this was a serious problem that needed to be taken care of. What happen? The QA manager relocates the machine to his cube without telling me, knocks over the computer while plugging in the network cable, and the hard drive died booting up. The manager got upset to learn that there was n

From reading the post, I'm guessing you're one of the folks who actually works for a living, rather than manages other people who actually work for a living. Decisions like this usually aren't handled at the "actually do it" level. This is definitely something I'd kick up through the management chain, as this is something that should be clarified at a company policy level.

Some companies make it very clear that people who work for them are subject to monitoring, etc., and can expect no privacy. Others will have the same general policy, but have other policies in place as to who can see the logs and under what circumstances. That's what you'll have to establish, and it's a decision that should be handled at a management level high enough to make it stick.

My answer, in the absense of an established policy would be "Have your boss talk to my boss, and they can hash it out with HR and Legal."

Basically, as someone else said, these sorts of things should be funnelled through your HR dept. Any investigation that could result in disicipline of an employee should go through HR. It isn't up to you guys to determine what requests are legit or not. There needs to be a central channel that all investigitory requests concerning employees has to go through. 99% of the time that's an HR dept. If a union got wiff of what's going on, you might be in the beating end of the union stick.

I'm presuming that you have other things to do with your day. One simple way to re-cast this question is in terms of costs. I presume that the justifications being offered for the reports are "finding time wasters" and "saving the company money".The way that I would frame your response is to calculate how much these reports would cost in terms of:

Your time to develop these reports, maintain the system, print them out, sort them, etc.

The managers time to recieve, read and digest the reports, decide whethe

Since you don't know if you should do it, I'm assuming no one has specifically given you authority to do it. Therefore, you just do the number one corporate run-around "I'm not authorized to do that." Then if they as who is, tell them you don't know.

From the description, there appears to be no policy in place governing how IT information can be used by company management. The problem lies in that fact, not the fact that someone is requesting the information.I suspect that this is also further complicated by the fact that employment is regulated at the detail level on a state by state basis, and therefore the legal aspects of your situation will be influenced by local laws.

However, what I would do if this is the first time this has happened is to run t

Any management that thinks auditing is an effective way of encouraging good work ethics is insane and grossly inept and should be fired immediately. Any manager that sees low productivity or low morale and thinks the solution is to start snooping on employee activities should give up and become a basket weaver.

I would recommend, like a poster above, to read company policies, and see whether you report to department managers or to HR only. Also, look at whether employees have an expectation to privacy or not, as that is important. Personally, I would say that allowing department managers to track down their subordinates is only going to end up in a witch hunt that's going to get everyone pissed off. The managers are going to want more productivity, while the employees are going to be unhappy that there's such a "b

Sure, give the lists to the managers... and then give the list of places the MANAGER goes to to the employees. And finally, go to the CEO and explain that your company employees are attempting to canabalize itself, and that he/she'd better do something quick or you are all doomed.

When I worked for the Navy, our users were expected to adhere to the Navy and DOD requirements. Locally, commanding officers could set policy regarding how much "freedom" people had to casually browse (i.e., "lunchtime" browsing desires versus mission needs and effects on badwidth). We had a happy medium and everyone complied without complaint. Based on that, here's what I would do:

1. Set a distinct, written policy regarding what's allowable and what isn't. If users can casually browse during idle moment

which restrict the web sites that employees can visit [...]
they are suspicious of time wasting on the Internet and need proof.

Before worrying about privacy issues (you can make those go away
with the simple wave of an AUP), you should perhaps wonder if the
people in question work hourly or on salary.

You have a set of sites you allow. If you then scold people
for going there, you need a reason to do so. "Wasting time" simply
doesn't apply to salaried employees - As the flip-side to all that
unpaid ov

It doesn't really matter what the IT Department thinks about this issue, or whether people in general think it is a good idea or not. It doesn't matter that some slashdot readers get all emotional over this and criticize all managers as idiots no matter who they are or where they work. The only thing that matters is whether a company has a legal right to do so. There are some states where employees have certain legal rights and expectations, but I guarantee you slashdot readers are not the ones who will ma

I'm a network admin at the moment, and get an ISA report sent to my inbox every day reporting employee computer usage. I usually glance over it and see if there has been any significant use of bandwidth to a non-business website. If I notice unusual use of bandwidth to a site that isn't for business, I'll tell the employee I know what they have been doing, and that the company president may too (since he gets the reports also). Maybe your team could do similar. Cram all those ISA reports down the manage

You're on company equipment, on company time; there should not be any expectation of privacy. At a previous employer, I boiled down the proxy logs daily to a list of sites and forwarded it to our security group. If they saw something suspicious, I was asked BY THEM to pull the detail records of IP and employee ID. In one case, it led to someone being walked out the door for surfing kiddy-pr0n sites at his desk.Someone checking their e-mail over lunch is one thing, but someone spending half the day checki

Where I work, "incidental" personal use is tolerated. All requested URLs are logged. Our asset protection group looks at this information and pulls out those suspected of spending too much time online. They would then investigate and if it looked like the person was spending most of their day browsing non-business sites, they'd bring that information to the attention of their supervisor. We also utilize blocking software, and if employees tend to hit too many of these blocks, it's my understanding that

You need to have a written policy which also informs employees that you are doing this and to make sure every knows about it. If you don't do this you your company can be sued for discrimination when it fires one employee but not another for certain uses of the internet.

For a few clients I've worked at. The only time they really want to read any logs is when they want to get rid of a specific employee. If you're not on their hit list you didn't have a worry, but it you were then they would find the smallest detail in a log to pick you out and fire you for breaking their internet use policy.

Give them a form that requires their signature and the signature of the person involved. Make it quite clear that signing is voluntary. Make it also clear that both the employee and the manager will have their web sites posted.